Hello there guys, I configured the OPSEC LEA client, and everything seems to be fine, but under "Last Connection" I see "Not Connected".
The debug information follows; I hope somebody can help me, as I have already searched a lot.
Inside the splunkd.log I get the following information:
Opsec.conf
[root@hostname Splunk_TA_opseclea_linux22]# cat local/opsec.conf
[Checkpoint]
collect_audit = 0
fw_version = 77
is_disabled = 0
lea_server_auth_port = 18184
lea_server_auth_type = sslca
lea_server_ip = 172.25.2.174
opsec_entity_sic_name = "DN=cp_mgmt,O=bespx2103..8onvkt"
opsec_sic_name = "DN=SplunkLEA,O=bespx2103..8onvkt"
opsec_sslca_file = ../certs/opsec.p12
disabled = 0
Splunkd.log:
09-03-2014 15:38:41.145 -0300 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/lea-loggrabber.sh --configentity Checkpoint" ERROR: failed to create session (Argument is NULL or lacks some data)
09-03-2014 15:38:57.807 -0300 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/lea-loggrabber.sh --configentity Checkpoint" ERROR: failed to create session (Argument is NULL or lacks some data)
09-03-2014 15:39:14.474 -0300 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/lea-loggrabber.sh --configentity Checkpoint" ERROR: failed to create session (Argument is NULL or lacks some data)
09-03-2014 15:39:31.177 -0300 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/lea-loggrabber.sh --configentity Checkpoint" ERROR: failed to create session (Argument is NULL or lacks some data)
And this is the output of loggrabber debug mode:
/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/lea-loggrabber-debug.sh --configentity Checkpoint --debug-level 3
Using Splunk instance: /opt/splunk/, app name Splunk_TA_opseclea_linux22
Splunk username: admin
Password:
DEBUG: LOGGRABBER configuration file is: /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/fw1-loggrabber.conf
DEBUG: function logging_init_env
DEBUG: function open_screen
DEBUG: Open connection to screen.
DEBUG: Logfilename : fw.log
DEBUG: Record Separator : |
DEBUG: Resolve Addresses: No
DEBUG: Show Filenames : No
DEBUG: FW1-2000 : No
DEBUG: Online-Mode : No
DEBUG: Audit-Log : No
DEBUG: Show Fieldnames : Yes
DEBUG: function get_fw1_logfiles
splunk internal call command: $SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/Splunk_TA_opseclea_linux22/opsec/opsec_conf/Checkpoint
splunk output: QUERYING: 'servicesNS/nobody/Splunk_TA_opseclea_linux22/opsec/opsec_conf/Checkpoint'
HTTP Status: 200.
Content:
-v opsec_sic_name DN=SplunkLEA,O=bespx2103..8onvkt -v opsec_sslca_file ../certs/opsec.p12 -v lea_server ip 172.25.2.174 -v lea_server auth_port 18184 -v lea_server auth_type sslca -v lea_server opsec_entity_sic_name DN=cp_mgmt,O=bespx2103..8onvkt
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] Env Configuration:
(
:type (opsec_info)
:lea_server (
:opsec_entity_sic_name ("DN=cp_mgmt,O=bespx2103..8onvkt")
:auth_type (sslca)
:auth_port (18184)
:ip (172.25.2.174)
)
:opsec_sslca_file ("../certs/opsec.p12")
:opsec_sic_name ("DN=SplunkLEA,O=bespx2103..8onvkt")
)
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] Could not find info for ...opsec_shared_local_path...
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] Could not find info for ...opsec_sic_policy_file...
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] Could not find info for ...opsec_mt...
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_init: multithread safety is not initialized
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] cpprng_opsec_initialize: path is not initialized - will initialize
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] cpprng_opsec_initialize: full file name is ops_prng
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] cpprng_opsec_initialize: dev_urandom_poll returned 0
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_file_is_intialized: seed is initialized
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] cpprng_opsec_initialize: seed init for opsec succeeded
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] PM_policy_create: version 5301.
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] PM_policy_add_name_to_group: finished successfully.
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] PM_policy_set_local_names: () names. finished successfully.
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] PM_policy_create: finished successfully.
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] PM_policy_add_name_to_group: finished successfully.
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] PM_policy_set_local_names: (local_sic_name) names. finished successfully.
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] PM_policy_add_name_to_group: finished successfully.
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] PM_policy_set_local_names: (127.0.0.1) names. finished successfully.
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] PM_policy_add_name_to_group: finished successfully.
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] PM_policy_set_local_names: ("DN=SplunkLEA,O=bespx2103..8onvkt") names. finished successfully.
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] PM_apply_default_dn: finished successfully.
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] get_my_fwca_password: error in name
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] sslcaInitCP_Ex:failed to get password form pkcs12
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_init_sslca: no key holder - symmetric SSLCA not started
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] sslcaInitCP_Ex: using asym client without ca cert
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] ckpSSLctx_New: prefs = 12
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] CkpRegDir: Environment variable CPDIR is not set.
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] GenerateGlobalEntry: Unable to get registry path
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] sslcaInitCP_Ex: using asym client without ca cert
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] ckpSSLctx_New: prefs = 32
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] sslcaInitCP_Ex: using asym client without ca cert
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] ckpSSLctx_New: prefs = 11
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] sslcaInitCP_Ex: using asym client without ca cert
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] ckpSSLctx_New: prefs = 31
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_init_sic_id_internal: Added sic id (ctx id = 0)
DEBUG: OPSEC LEA conf file is lea.conf
DEBUG: Authentication mode has been used.
DEBUG: Server-IP : 172.25.2.174
DEBUG: Server-Port : 18184
DEBUG: Authentication type: sslca
DEBUG: OPSEC sic certificate file name : ../certs/opsec.p12
DEBUG: Server DN (sic name) : DN=cp_mgmt,O=bespx2103..8onvkt
DEBUG: OPSEC LEA client DN (sic name) : DN=SplunkLEA,O=bespx2103..8onvkt
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_init_entity_sic: called for the client side
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] Configuring entity lea_server
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] Could not find info for ...conn_buf_size...
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] Could not find info for ...no_nagle...
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] Could not find info for ...port...
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_entity_add_sic_rule: adding rules: apply_to: ME, peer: DN=cp_mgmt,O=bespx2103..8onvkt, d_ip: NULL, dport 18184, svc: lea, method: sslca
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_entity_add_sic_rule: adding INBOUND rule
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_entity_add_sic_rule: adding OUTBOUND rule
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_get_comm: creating comm for ent=9b78dc8 peer=9b6ff00 passive=0 key=2 info=0
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] c=0x9b78dc8 s=0x9b6ff00 comm_type=4
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] Could not find info for ...opsec_client...
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_get_comm: Creating session hash (size=256)
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_get_comm: ADDING comm=0x9b7b7e8 to ent=0x9b78dc8 with key=2
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_env_get_context_id_by_peer_sic_name: illegal DN of sic name: DN=cp_mgmt,O=bespx2103..8onvkt
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] OPSEC_SET_ERRNO: err = 4 Argument is NULL or lacks some data (pre = 0)
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_sic_connect: failed to get context id for connection
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_get_comm: error in opsec_sic_connect
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] destroying comm 0x9b7b7e8
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] Destroying comm 0x9b7b7e8 with 0 active sessions
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] pulling dgtype=ffffffff len=-1 to list=0x9b7b804
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] REMOVING comm=0x9b7b7e8 from ent=0x9b78dc8 with key=2
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] Unable to make session
ERROR: failed to create session (Argument is NULL or lacks some data)
DEBUG: function cleanup_fw1_environment
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] Destroying entity 1 with 0 active comms
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_destroy_entity_sic: deleting sic rules for entity 0x9b78dc8
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] Destroying entity 2 with 0 active comms
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_destroy_entity_sic: deleting sic rules for entity 0x9b6ff00
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] IpcUnMapFile: unmapping file (handle=0x9b6f858)
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] IpcUnMapFile: unmapping file (handle=0x9b6fbb0)
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] IpcUnMapFile: unmapping file (handle=0x9b6fc30)
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] IpcUnMapFile: unmapping file (handle=0x9b6fcd0)
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] IpcUnMapFile: unmapping file (handle=0x9b6fd50)
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] PM_policy_destroy: finished successfully.
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_destroy_sic_id_internal: Destroyed sic id (ctx id=0)
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] opsec_env_destroy_sic_id_hash: Destroyed sic id hash
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] fwd_env_destroy: env 0x9b530e8 (alloced = 1)
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] T_env_destroy: env 0x9b530e8
[ 19929 4150278960]@hostname.bs.br.bsch[3 Sep 15:41:07] do_fwd_env_destroy: really destroy 0x9b530e8
splunk internal call command: $SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/Splunk_TA_opseclea_linux22/opsec/entity_health/Checkpoint
splunk output: QUERYING: 'https://127.0.0.1:8089/servicesNS/nobody/Splunk_TA_opseclea_linux22/opsec/entity_health/Checkpoint'
HTTP Status: 200.
Content:
splunk internal call command: $SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/Splunk_TA_opseclea_linux22/opsec/entity_health/ -post:name Checkpoint -post:is_connected 0 -post:last_connection_timestamp
splunk output: QUERYING: 'https://127.0.0.1:8089/servicesNS/nobody/Splunk_TA_opseclea_linux22/opsec/entity_health/Checkpoint'
HTTP Status: 200.
Content:
QUERYING: 'https://127.0.0.1:8089/servicesNS/nobody/Splunk_TA_opseclea_linux22/opsec/entity_health/'
HTTP Status: 201.
Content:
DEBUG: function exit_loggrabber
DEBUG: function free_lfield_arrays
DEBUG: function free_afield_arrays
DEBUG: function free_lfield_arrays
DEBUG: function free_afield_arrays